<?php
/*
	Copyright 2006, 2007, 2008, 2009, 2010 Bastiaan Grutters
    
    This file is part of Ages of Strife website.

    Ages of Strife website is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Ages of Strife website is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Ages of Strife website.  If not, see <http://www.gnu.org/licenses/>.
 */
include( '../global/initialize.php' );

include( "../global/adodb-time.inc.php" );

$hide = 0;
if( isset( $_POST[ 'title' ] ) && formatEmail( $_POST[ 'title' ] ) != '' ) {
	$history_id = formatInput( getPostValue( 'history_id' ) );
	if( can_edit_history( $history_id ) || $history_id == -1 ) {
		$text = $_POST[ 'text' ];
		$text = strip_tags( $text, '<a><b><i><u><strong><h1><h2><img><em>');
		$text = str_replace( 'style', 'not_allowed', $text );
		$text = str_replace( 'onmouseover', 'not_allowed', $text );
		$text = str_replace( 'onclick', 'not_allowed', $text );
		$text = str_replace( 'onload', 'not_allowed', $text );
		$text = str_replace( 'onmouseout', 'not_allowed', $text );
		$text = addslashes( $text );
		$anonymous = 0;
		
		if( isset( $_POST[ 'anonymous' ] ) ) {
			$anonymous = 1;
		}

		if( can_publish_history() && isset( $_POST[ 'hide' ] ) ) {
			$hide = 1;
		}
		
		$base_date = formatInput( getPostValue( 'date' ) );
		$base_date = split( '-', $base_date );
		$extra = getPostValue( 'days_off' );
		if( !is_numeric( $extra ) ) {
			$extra = 0;
		}
		
		//print( "extra: $extra <br />" );
		
		if( is_numeric( $extra ) && is_numeric( $base_date[0] ) && is_numeric( $base_date[1] ) && is_numeric( $base_date[2] ) ) {
			//print_r( $base_date );
			if( isset( $history_id ) && $history_id != -1 ) {
				$query = "SELECT turn " .
						"FROM history " .
						"WHERE history_id = $history_id";
				$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
				$row = mysql_fetch_array( $result, MYSQL_ASSOC );
				$publish_turn = $row[ 'turn' ] + $extra;
			}
			else {
				$publish_turn = getCurrentTurn() + $extra;
			}
			$publish_date = adodb_mktime ( 0, 0, 0, $base_date[1], $base_date[0] + $extra, $base_date[2] );
			$publish_date = adodb_date( 'd-m-Y', $publish_date );
			//print( "publish_turn: $publish_turn <br />" );
			//print_r( $publish_date );
		}
		else {
			$publish_date = getCurrentDate();
			//print( "date: $publish_date <br />" );
			$publish_turn = getCurrentTurn();
		}
		
		if( $history_id == -1 ) { // New entry
			$query3 = "INSERT INTO history " .
					"( title, text, ruler_id, date, turn, anonymous, hide ) " .
					"VALUES ( '" . getPostValue( 'title' ) . "', '" . $text . "', " . $_SESSION[ 'ruler_id' ] . ", " .
							"'$publish_date', $publish_turn, $anonymous, $hide )";
			mysql_query( $query3 ) or die( "Query failed : " . mysql_error() );
			
			$query = "SELECT history_id " .
					"FROM history " .
					"WHERE title = '" . getPostValue( 'title' ) . "' AND text = '" . $text . "' " .
					"AND turn = $publish_turn AND ruler_id = " . $_SESSION[ 'ruler_id' ];
			$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
			$row = mysql_fetch_array( $result, MYSQL_ASSOC );
			$history_id = $row[ 'history_id' ];
			
			toggle_history_subscription( $history_id, $_SESSION[ 'ruler_id' ], true );
			
		    $query = "SELECT ruler_id " .
		    		"FROM users " .
		    		"JOIN ruler ON users.user_id = ruler.user_id " .
		    		"WHERE editor = 1 OR admin = 1";
		    $result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
		    $num = mysql_numrows( $result );
			$i = 0;
			while ( $i < $num ) {
				$query3 = "INSERT INTO history_seen " .
						"( ruler_id, history_id ) " .
						"VALUES( " . mysql_result( $result, $i, "ruler_id" ) . ", $history_id )";
				mysql_query( $query3 ) or die( "Query failed : " . mysql_error() );
				$i ++;
			}
			$status = translate( "Created history item." );
		}
		else { // Old entry
			$query3 = "UPDATE history " .
					"SET text = '$text', " .
					"title = '" . getPostValue( 'title' ) . "', date = '$publish_date', " .
					"turn = $publish_turn, anonymous = $anonymous, hide = $hide " .
					"WHERE history_id = " . $history_id;
			mysql_query( $query3 ) or die( "Query failed : " . mysql_error() );
			$status = translate( "Saved history item." );
		}
	}
	else {
		$status = translate( "You are not allowed to edit this history entry." );
	}
	
	if( $hide == 0 && isset( $_POST[ 'publish' ] ) && $_POST[ 'publish' ] == 'publish' ) {
		if( can_publish_history() ) {
			$query3 = "UPDATE history " .
					"SET visible = 1 " .
					"WHERE history_id = " . $history_id;
			mysql_query( $query3 ) or die( "Query failed : " . mysql_error() );
		    $query = "SELECT ruler_id " .
		    		"FROM users " .
		    		"JOIN ruler ON users.user_id = ruler.user_id " .
		    		"WHERE highlight_history = 1";
		    $result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
		    $num = mysql_numrows( $result );
			$i = 0;
			while ( $i < $num ) {
				$query3 = "INSERT INTO history_seen " .
						"( ruler_id, history_id ) " .
						"VALUES( " . mysql_result( $result, $i, "ruler_id" ) . ", $history_id )";
				mysql_query( $query3 ) or die( "Query failed : " . mysql_error() );
				$i ++;
			}
			$status = translate( "Saved and published history item." );
		}
		else {
			$status = translate( "You are not allowed to publish history entries." );
		}
	}
}
else {
	$status = translate( "You can't submit unnamed stories." );
	$_SESSION[ 'old_history_text' ] = $_POST[ 'text' ];
}

$_SESSION[ 'history_write_status' ] = $status;

if( isset( $history_id ) ) {
	header( "Location: write.php?id=$history_id" );
}
else {
	header( "Location: write.php" );
}
?>
